from datetime import timedelta

class UserConfig:
    # JWT配置
    JWT_SECRET_KEY = "your-secret-key-here"  # 建议使用强随机密钥
    JWT_ACCESS_TOKEN_EXPIRES = timedelta(hours=1)  # 访问令牌过期时间
    JWT_REFRESH_TOKEN_EXPIRES = timedelta(days=30)  # 刷新令牌过期时间
    JWT_BLACKLIST_ENABLED = True  # 启用令牌黑名单
    
    # Cookie配置
    COOKIE_SECURE = True  # 仅通过HTTPS发送cookie
    COOKIE_HTTPONLY = True  # 防止JavaScript访问cookie
    COOKIE_SAMESITE = 'Lax'  # 防止CSRF攻击
    
    # 密码策略
    PASSWORD_MIN_LENGTH = 8  # 密码最小长度
    PASSWORD_REQUIRE_SPECIAL = True  # 要求包含特殊字符
    PASSWORD_REQUIRE_NUMBERS = True  # 要求包含数字
    PASSWORD_REQUIRE_UPPERCASE = True  # 要求包含大写字母
    
    # 登录尝试限制
    MAX_LOGIN_ATTEMPTS = 5  # 最大登录尝试次数
    LOGIN_TIMEOUT = timedelta(minutes=15)  # 登录超时时间
    
    # 会话配置
    SESSION_PERMANENT = True  # 持久会话
    PERMANENT_SESSION_LIFETIME = timedelta(days=7)  # 会话生命周期
    
    # 令牌刷新配置
    TOKEN_REFRESH_GRACE_PERIOD = timedelta(days=3)  # 令牌刷新宽限期
    
    # CORS配置
    CORS_ORIGINS = ["http://localhost:5173"]  # 允许的跨域来源
    CORS_METHODS = ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
    CORS_ALLOW_HEADERS = ["Content-Type", "Authorization"]
    
    @staticmethod
    def init_app(app):
        """初始化应用配置"""
        app.config["JWT_SECRET_KEY"] = UserConfig.JWT_SECRET_KEY
        app.config["JWT_ACCESS_TOKEN_EXPIRES"] = UserConfig.JWT_ACCESS_TOKEN_EXPIRES
        app.config["JWT_REFRESH_TOKEN_EXPIRES"] = UserConfig.JWT_REFRESH_TOKEN_EXPIRES
        app.config["JWT_BLACKLIST_ENABLED"] = UserConfig.JWT_BLACKLIST_ENABLED
        
        # 设置Cookie安全属性
        app.config["SESSION_COOKIE_SECURE"] = UserConfig.COOKIE_SECURE
        app.config["SESSION_COOKIE_HTTPONLY"] = UserConfig.COOKIE_HTTPONLY
        app.config["SESSION_COOKIE_SAMESITE"] = UserConfig.COOKIE_SAMESITE